[LPS-56897] CSRF check always fails for plugins and WAB modules - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: No Longer Reproducible
Affects Version/s: 7.0.0 M7
Fix Version/s: 7.0.0 Beta 3
Component/s: Application Security
Labels:
- security-filter-bugs

Story Points:
1
Fix Priority:
5

Description

When trying to execute any action for a WAB/plugin portlet, the CSRF token check always fails. Non-wab OSGi modules work ok.

Tested with:

Microblogs, Knowledge Base (plugins).
Polls, Wiki (WAB modules).

To reproduce (using polls as an example):

Go to Admin > Content > Polls
Click on "Add" and insert valid data into the form
Save

Expected: A new poll is correctly created
Actual: The action has no effect, and the following message is shown in the logs: [SecurityPortletContainerWrapper:336] User 20195 is not allowed to access URL http://localhost:8080/group/control_panel/manage and portlet 25_WAR_pollsweb

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

reproduce56897.png
9 kB
07/Jan/16 6:12 PM

Issue Links

causes

LPS-56785 Microblogs - User is unable to create a microblog entry

Closed

is a dependency of

LPS-54717 Search Portlet - Knowledge Base Articles cannot be added to the Asset Type configuration

Closed

Activity

People

Assignee:: Ian Song (Inactive)

Reporter:: Adolfo Pérez

Participants of an Issue:: Adolfo Pérez, Ian Song, Philip Jones

Recent user:: Esther Sanz

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 07/Jul/15 2:08 AM

Updated:: 14/Jan/16 5:46 AM

Resolved:: 07/Jan/16 12:57 PM

Days since last comment:: 5 years, 2 weeks, 1 day ago

Packages

Version	Package
7.0.0 Beta 3